RADIUS Service Options
These are the Radius service options available for the primary and secondary servers.
RFC 5580 Out of Band Location Delivery: If you want out-of-band location delivery (RFC 5580) to apply only to Ruckus APs, select the Enable for Ruckus AP Only check box.
Configure the primary RADIUS server settings.
| Option | Description |
|---|---|
| IP Address | Type the IP address of the RADIUS server. Both IPv4 and IPv6 protocols are supported. |
| Port | Type the port number of the RADIUS server. The default RADIUS server port number is 1812 and the default RADIUS Accounting server port number is 1813. |
| Shared Secret | Type the RADIUS shared secret. |
| Confirm Secret | Retype the shared secret to confirm. |
If you have a secondary RADIUS server on the network that you want to use as a backup, select the Enable Secondary Server check box, and then configure the settings below.
| Option | Description |
|---|---|
| Backup RADIUS | Select Enable Secondary Server. When a secondary RADIUS server is enabled and the primary RADIUS server becomes unavailable, the secondary Automatic Fallback Disable server takes over the handling of RADIUS requests. When the primary server becomes available again, it takes back control over RADIUS requests from the secondary server. If you want to prevent the primary server from retaking control over RADIUS requests from the secondary server, select the Automatic Fallback Disable check box. |
| IP Address | Type the IP address of the secondary AAA server. IPv4 and IPv6 addressing formats are supported. |
| Port | Type the port number of the secondary AAA server port number. The default RADIUS server port number is 1812 and the default RADIUS Accounting server port number is 1813. |
| Shared Secret | Type the AAA shared secret. |
| Confirm Secret | Retype the shared secret to confirm. |
These options define the health monitoring settings of the primary and secondary RADIUS servers, when the controller is configured as RADIUS proxy for RADIUS Authentication and Accounting messages.
| Option | Description |
|---|---|
| Response Window | Set the time (in seconds) after which, if the AAA server does not respond to a request, the controller will initiate the zombie period (see below) Response Window. If the primary AAA server does not respond to RADIUS messages sent after Response Window expires, the controller will forward the retransmitted RADIUS messages to the secondary AAA server.
NOTE The zombie period is not started immediately after the Response Window expires, but after the configured Response Window plus ¼ of the configured Zombie Period. The default Response Window is 20 seconds The zombie period is not started immediately after the Response Window expires, but after the configured Response Window plus ¼ of the configured Zombie Period. The default Response Window is 20 seconds
|
| Zombie Period | Set the time (in seconds) after which, if the AAA server does not respond to ANY packets during the zombie period, it will be considered to inactive or unreachable. An AAA server that is marked zombie (inactive or unreachable) will be used to proxy with a low priority. If there are other live AAA servers, the controller will attempt to use these servers first instead of the zombie AAA server. The controller will only proxy requests to a zombie server only when there are no other live servers. Any request that is sent as a proxy to an AAA server will continue to be sent to that AAA server until the home server is marked inactive or unreachable. At that point, the request will fail over to another server, if a live AAA server is available. The default Zombie Period is 40 seconds. |
| Revive Interval | Set the time (in seconds) after which, if no RADIUS messages are sent as proxy to the AAA server after it has been marked as inactive or unreachable, the controller will mark the AAA server as active again (and assume that it has become reachable again). The default Revive Interval is 120 seconds. |
| No Response Fail | Click Yes to respond with a reject message to the NAS if no response is received from the RADIUS server. Click No to skip sending a response. |
NOTE
To ensure that the RADIUS fail-over mechanism functions correctly, either accept the default values for the Response Window, Zombie Period, and Revive Interval, or make sure that the value for Response Window is always higher than the value for RADIUS NAS request timeout multiplied by the value for RADIUS NAS max number of retries. For third party APs, you must ensure that the configured Response Window on the controller is higher than the RADIUS NAS request timeout multiplied by the RADIUS value. The maximum number of retries is configured at the 3rd party controller/AP.
Configure the following options.
| Option | Description |
|---|---|
| Maximum Outstanding Requests (MOR) | Set the maximum outstanding requests per server. Type 0 to disable it, or set a value between 10 and 4096. |
| Threshold (% of MOR) | Set a percentage value of the MOR at which (when reached) the controller will generate an event. Threshold (% of MOR). For example, if the MOR is set to 1000 and the threshold is set to 50%, the controller will generate an event when the number of outstanding requests reaches 500. |
| Sanity Timer | Set a timer (in seconds) that will be started whenever a condition that generates an event is reached. This helps prevent conditions that trigger events which occur frequently. |